rkeus/webserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d0c77893f702be5a80ba8370f7f1d19468b25d60
webserver/CHEATSHEET.md
T
admin d0c77893f7 Add webserver provisioning + vhost scripts, README, cheatsheet 
- setup-webserver.sh: idempotent Ubuntu 24.04 LAMP provisioning
  (Apache event MPM + PHP 8.3-FPM + MariaDB + Node/Python, phpMyAdmin,
  Composer, Certbot, UFW, Fail2ban; optional components prompted/env-gated)
- add-vhost.sh: add an Apache virtual host, optional DB + TLS
- CHEATSHEET.md: day-to-day server CLI reference
- README.md: setup instructions and env-var matrix

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 04:00:01 +00:00

5.2 KiB
Raw Blame History

Web Server CLI Cheatsheet — Ubuntu 24.04 (Apache + PHP-FPM + MariaDB)

Daily commands for running the server built by setup-webserver.sh.

Quick status

sudo healthcheck                 # custom: all services, disk, memory, ports
systemctl status apache2         # one service detail
sudo systemctl --failed          # anything broken?
htop                             # live CPU/RAM/process (q to quit)
df -h                            # disk space
free -h                          # memory + swap

Apache

sudo systemctl reload apache2    # apply config, no dropped connections (PREFER)
sudo systemctl restart apache2   # full restart (drops connections)
sudo apache2ctl configtest       # check config BEFORE reload — always do this
apache2ctl -v                    # version

# Manage sites (vhosts)
sudo a2ensite SITE.conf          # enable a site
sudo a2dissite SITE.conf         # disable a site
sudo a2enmod rewrite             # enable a module
ls /etc/apache2/sites-available/ # all defined sites
ls /etc/apache2/sites-enabled/   # active sites (symlinks)

# Add a site (your script)
sudo ./add-vhost.sh example.com

# Logs (live tail, Ctrl+C to stop)
sudo tail -f /var/log/apache2/error.log
sudo tail -f /var/log/apache2/example.com-access.log

PHP / PHP-FPM

php -v                                   # version
php -m                                   # installed modules
sudo systemctl restart php8.3-fpm        # restart after ini changes
php -i | grep opcache                    # check opcache settings
sudo tail -f /var/log/php8.3-fpm.log     # FPM errors

# Config locations
/etc/php/8.3/fpm/php.ini                 # main FPM config
/etc/php/8.3/fpm/conf.d/                 # drop-in .ini files
/etc/php/8.3/fpm/pool.d/www.conf         # worker pool tuning

MariaDB / MySQL

sudo mariadb                     # connect as root (socket auth, no password)

# Inside the mariadb prompt (end each with ;)
SHOW DATABASES;
USE mydb;
SHOW TABLES;
SELECT user, host FROM mysql.user;
\q                               # quit

# One-liners from shell
sudo mariadb -e "SHOW DATABASES;"
sudo mariadb mydb < dump.sql     # import
sudo mariadb-dump mydb > dump.sql   # export single DB
sudo db-backup                   # your nightly backup, run manually
ls -lh /var/backups/mysql/       # backups

# Create app DB + user
sudo mariadb -e "CREATE DATABASE app CHARACTER SET utf8mb4;
  CREATE USER 'app'@'localhost' IDENTIFIED BY 'CHANGE_ME';
  GRANT ALL ON app.* TO 'app'@'localhost'; FLUSH PRIVILEGES;"

Firewall (UFW)

sudo ufw status verbose          # rules + active?
sudo ufw allow 8080/tcp          # open a port
sudo ufw delete allow 8080/tcp   # close it
sudo ufw deny from 1.2.3.4       # block an IP

Fail2ban (brute-force bans)

sudo fail2ban-client status              # active jails
sudo fail2ban-client status sshd         # banned IPs for SSH
sudo fail2ban-client set sshd unbanip 1.2.3.4   # unban

TLS / Certbot

sudo certbot --apache -d example.com -d www.example.com   # get cert
sudo certbot certificates        # list certs + expiry
sudo certbot renew --dry-run     # test auto-renew (real renew is automatic)

Services (systemd) — the universal pattern

sudo systemctl start|stop|restart|reload|status NAME
sudo systemctl enable NAME       # start on boot
sudo systemctl disable NAME      # don't start on boot
journalctl -u NAME -f            # live logs for any service
journalctl -u NAME --since "1 hour ago"

Files & permissions (web root)

sudo chown -R www-data:www-data /var/www/example.com   # web server owns files
sudo find /var/www -type d -exec chmod 755 {} \;       # dirs
sudo find /var/www -type f -exec chmod 644 {} \;       # files
du -sh /var/www/*                # folder sizes

Node (if installed)

node -v ; npm -v
pm2 start app.js --name myapp    # run a node app, kept alive
pm2 list                         # running apps
pm2 logs myapp
pm2 restart myapp
pm2 startup && pm2 save          # survive reboot

System maintenance

sudo apt update && sudo apt upgrade -y   # update packages
sudo apt autoremove                      # clean unused
sudo reboot
uptime                                   # how long up + load
who                                      # who's logged in
last                                     # login history

Logs — where to look when something breaks

Problem Look here
Site 500 error /var/log/apache2/<site>-error.log
PHP crash /var/log/php8.3-fpm.log
DB won't start journalctl -u mariadb
Can't SSH in journalctl -u ssh (from console)
Service down systemctl status <name>
Anything else journalctl -xe

Survival tips

  • Always configtest before reloading Apache. Bad config + restart = site down.
  • reload over restart when possible — no dropped connections.
  • Keep an SSH session open when changing SSH/firewall config. Test new login in a second terminal before closing the first.
  • Ctrl+C stops a running command (like tail -f). q quits pagers (less, htop).
  • Tab autocompletes paths/commands. recalls last command.
Reference in New Issue View Git Blame Copy Permalink